package cz.boxdesign.library.umgr.web;

import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;

import cz.boxdesign.library.entity.User;
import cz.boxdesign.library.umgr.domain.AuthentificatedUserDTO;

@Controller
@RequestMapping("/umgr")
public class UmgrController extends AbstractController {

  @Autowired
  Environment env;

  @InitBinder
  public void initModel(WebDataBinder binder) {
    Object targer = binder.getTarget();
    if (targer instanceof User) {
      if (binder.getValidator() == null) {
        //        binder.setValidator(new AutorValidator());
      }
    }
  }

  @RequestMapping(method = RequestMethod.GET)
  public ModelAndView loginPage() {
    ModelAndView model = new ModelAndView("umgr/login");
    model.addObject("user", new User());
    return model;
  }

  @RequestMapping(value = "/logout", method = RequestMethod.GET)
  public ModelAndView doLogin() {
    ModelAndView model = new ModelAndView("welcome");
    Authentication a = SecurityContextHolder.getContext().getAuthentication();
    a.setAuthenticated(false);
    return model;
  }

  @RequestMapping("/success")
  public ModelAndView success(HttpServletRequest request) {
    ModelAndView model = new ModelAndView("welcome");
    HttpSession session = request.getSession();
    Authentication a = SecurityContextHolder.getContext().getAuthentication();
    AuthentificatedUserDTO audto = (AuthentificatedUserDTO) a.getPrincipal();
    session.setAttribute("displayName", audto.getDisplayName());
    session.setAttribute("userId", audto.getUserId());
    List<GrantedAuthority> auth = new ArrayList<GrantedAuthority>(audto.getAuthorities());
    session.setAttribute("role",auth);
    return model;
  }

  @RequestMapping("/unauthorized")
  public ModelAndView unauthorizedAccess(HttpServletRequest request) {
    ModelAndView model = new ModelAndView("umgr/unauthorized-access");
    model.addObject("message", env.getProperty("umgr.unauthorized.access"));
    return model;
  }

  public ModelAndView register(@ModelAttribute User user, BindingResult errors, HttpServletRequest request) {
    return null;
  }

  @Override
  protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {

    return unauthorizedAccess(request);
  }

}
